I'm using openstack4j to do project-scoped authenticatation.
os = OSFactory.builderV3()
.endpoint("http://controller:5000/v3")
.scopeToProject(Identifier.byId("1435221d37fd41699101bd739fe4375b"))
.credentials("admin", "openstack", Identifier.byName("default"))
.authenticate();
This statement can be run correctly. But my problem is: before authentication, how do I know the project id?
So I changed another way to solve this question. First, I removed the scopeToProject method in above code and got a successfully unscoped authentication.
os = OSFactory.builderV3()
.endpoint("http://controller:5000/v3")
.credentials("admin", "openstack", Identifier.byName("default"))
.authenticate();
I can obtain the userId = os.getToken().getUser().getId();. But when I execute os.identity().users().listUserProjects(userId) to get the projects this user belongs to, the following exception was thrown:
java.lang.NullPointerException
at org.openstack4j.openstack.identity.internal.DefaultEndpointURLResolver.resolveV3(DefaultEndpointURLResolver.java:120)
at org.openstack4j.openstack.identity.internal.DefaultEndpointURLResolver.findURLV3(DefaultEndpointURLResolver.java:70)
at org.openstack4j.openstack.internal.OSClientSession$OSClientSessionV3.getEndpoint(OSClientSession.java:388)
at org.openstack4j.core.transport.HttpRequest$RequestBuilder.build(HttpRequest.java:405)
at org.openstack4j.openstack.internal.BaseOpenStackService$Invocation.execute(BaseOpenStackService.java:192)
at org.openstack4j.openstack.internal.BaseOpenStackService$Invocation.execute(BaseOpenStackService.java:187)
at org.openstack4j.openstack.identity.v3.internal.UserServiceImpl.listUserProjects(UserServiceImpl.java:121)
...
This exception thrown at token.getCatalog(). Because the result of getCatelog() is null.
NOTE: I know in openstack dashboard login page, the user just need input the domain name, username, password and then the project information will returned after authentication. This is exactly what I want.
I assigned a default project for user admin using openstack dashboard, and now it works fine.
Related
I am writing a .NET Console application, our goal is keep a message on the queue and read the message. the message header should contain User Name & Password. I try to pass the Message with below code it is not working.
hashTable.Add(MQC.TRANSPORT_PROPERTY, MQC.TRANSPORT_MQSERIES_CLIENT);
hashTable.Add(MQC.HOST_NAME_PROPERTY, strServerName);
hashTable.Add(MQC.CHANNEL_PROPERTY, strChannelName);
hashTable.Add(MQC.PORT_PROPERTY, 1414);
hashTable.Add(MQC.USER_ID_PROPERTY, "XXXXXX");
hashTable.Add(MQC.PASSWORD_PROPERTY, "XXXXXX");
hashTable.Add(MQC.USE_MQCSP_AUTHENTICATION_PROPERTY, true);
queueManager = new MQQueueManager(strQueueManagerName,hashTable);
queue = queueManager.AccessQueue(requestQueue, MQC.MQOO_OUTPUT + MQC.MQOO_FAIL_IF_QUIESCING);
requestMessage = new MQMessage();
requestMessage.WriteString(StrAPICMessage);
requestMessage.Format = MQC.MQFMT_STRING;
requestMessage.MessageType = MQC.MQMT_REQUEST;
requestMessage.Report = MQC.MQRO_COPY_MSG_ID_TO_CORREL_ID;
requestMessage.ReplyToQueueName = responseQueue;
requestMessage.ReplyToQueueManagerName = strQueueManagerName;
queuePutMessageOptions = new MQPutMessageOptions();
queue.Put(requestMessage, queuePutMessageOptions);
In the Message Descriptor it is taking the default value mentioned MQ Server. it is not takeing my UserName "XXXXX"
I have tried using the CSICS Bridge header also unable to send the message with my application Service account + Password.
help me on this scenario.
See "MQCSP authentication mode" here: https://www.ibm.com/docs/en/ibm-mq/latest?topic=authentication-connection-java-client
It says:
In this mode, the client-side user ID is sent as well as the user ID and password to be authenticated, so you are able to use ADOPTCTX(NO). The user ID and password are available to a server-connection security exit in the MQCSP structure that is provided in the MQCXP structure.
"client-side user ID" means the UserId that the application is running under. Therefore, if you are authenticating with a different UserId than the one that the application is running under.
Therefore, you (or your MQAdmin) will need to change ADOPTCTX to YES.
Your program works fine for me, when I fill in the correct values for my qmgr connection.
Except for one change I made: instead of TRANSPORT_MQSERIES_CLIENT I used TRANSPORT_MQSERIES_MANAGED. That keeps everything in the managed .Net space.
Without that change, I was actually getting MQRC_UNSUPPORTED_FUNCTION during the connection which typically means either some kind of mismatch between versions of interfaces, or it couldn't find the C dll that underpins the unmanaged environment. And I wasn't going to take time to dig into that further.
Running amqsbcg against the output queue, I see
UserIdentifier : 'mqguest '
which is the id I had set in the USER_ID_PROPERTY.
I am debugging confirmation email flow when signing up a new User in Asp.Net Core web application with Identity Server 4.
Since I had already signed up with my actual email, to reuse it, I modified the UserName and Email in AspNetUsers table using SQL Update to some random value.
Now when I am signing up with the original email again. I am getting a duplicate user error
result = await _userManager.CreateAsync(user, model.Password);
I have already:
Cleared browser cache.
Closed local IIS Express
Restarted Visual Studio.
Used_userManager.DeleteAsync() after updating the UserName and Email back to original values but this gives an Microsoft.AspNetCore.Identity.IdentityError with description Optimistic concurrency failure, object has been modified.
On running this query on Sql Server
select * from INFORMATION_SCHEMA.COLUMNS where COLUMN_NAME in ( 'UserName' , 'Email')
I get the following:
I know that this is not a good practice to mess with backend, but this is development environment and I could continue my work with another email.
I would request readers to help in understanding how the User could be safely scorched to be able to reuse the email.
Appreciate your time
I agree with Kyle's comment and to further speed up your debug process you should note that if you use gmail to do this you can debug this process using one email.
from google/gmails perspective myaccount#gmail.com == my.acount#gmail.com == m.y.a.c.c.ount#gmail.com etc etc just try it out, google disregards all period characters in the email. you can enumerate/exhaust ~2^8 emails (in this example) if you just enumerate through the local-part of the e-mail address. but from your applications side, myaccount#gmail.com is not the same as my.account#gmail.com, ie they are different user accounts. Basically you can use one email to test out this feature of yours without having to delete the user.
Here is how I did it and finally got passed the pesky "concurrency failure" error message... This works in ASP.NET CORE 2.2
Obtain the user object through the FindByName method first.
Remove the user from their assigned Role (in this case I hard coded "Admin" because that is the role I'm interested in but fill in your own), then delete the user.
//Delete user.
//Obtain the user object through the FindByName method first.
//Remove the user from their assigned Role, then delete the user.
var userManager = serviceProvider.GetRequiredService<UserManager<ApplicationUser>>();
ApplicationUser delAppUser = new ApplicationUser
{
Email = "SomeEmailForindividualAdminUser",
UserName = "SomeUsernameindividualAdminUser"
};
Task <ApplicationUser> taskGetUserAppUser = userManager.FindByNameAsync(delAppUser.UserName);
taskGetUserAppUser.Wait();
Task<IdentityResult> taskRemoveFromRoleAppUser = userManager.RemoveFromRoleAsync(taskGetUserAppUser.Result, "Admin");
taskRemoveFromRoleAppUser.Wait();
Task<IdentityResult> taskDeleteAppUser = userManager.DeleteAsync(taskGetUserAppUser.Result);
taskDeleteAppUser.Wait();
I am getting the following exception whenever i try to fetch defects from rally:
com.google.gson.JsonSyntaxException:
com.google.gson.stream.MalformedJsonException: Use JsonReader.setLenient(true) to accept malformed JSON at line 1 column 12
at com.google.gson.JsonParser.parse(JsonParser.java:65)
at com.google.gson.JsonParser.parse(JsonParser.java:45)
at com.rallydev.rest.response.Response.<init>(Response.java:25)
at com.rallydev.rest.response.QueryResponse.<init>(QueryResponse.java:16)
at com.rallydev.rest.RallyRestApi.query(RallyRestApi.java:168)
at Test.main(Test.java:86)
Caused by: com.google.gson.stream.MalformedJsonException: Use JsonReader.setLenient(true) to accept malformed JSON at line 1 column 12
at com.google.gson.stream.JsonReader.syntaxError(JsonReader.java:1505)
at com.google.gson.stream.JsonReader.checkLenient(JsonReader.java:1386)
at com.google.gson.stream.JsonReader.doPeek(JsonReader.java:531)
at com.google.gson.stream.JsonReader.peek(JsonReader.java:414)
at com.google.gson.JsonParser.parse(JsonParser.java:60)
... 5
What intrigues me most is the code works perfectly fine on few machines and throws the above exception on few.
code snippet :
RallyRestApi restApi =
new RallyRestApi(new URI("http://rally1.rallydev.com"),apiKey);
QueryRequest queryRequest = new QueryRequest("defects");
queryRequest.setFetch(new Fetch("Project","FormattedID","Release"));
QueryFilter filter1 = new QueryFilter("FormattedID", "=", defetctID);
QueryResponse queryResponse1 = restApi.query(queryRequest);
Try a curl command to read the same defect using the same apiKey (in zsessionid header) on the same machine from which your java code fails.
curl --header "ZSESSIONID: _abc123" "https://rally1.rallydev.com/slm/webservice/v2.0/defect/123456789"
At least you will know if this is specific to java or not. Yes, it is strange that it fails on some machines and works on others, but the timing of those tests is not obvious from your post, and I wonder if this has anything to do with the underlying user credentials. (A user gets disabled for a period of time after a number of unsuccessful attempts). I am not positive that this is the issue you experience but I have seen when expired password caused the exact same error. API Keys are tied to a user, so when a user's password is expired, or when a user is inactivated (disabled) the same permissions(or the lack of them) is reflected in the key. For example, a user did not know that the password was expired because in the Rally UI they used SSO authentiation, but in the code they used either username/password or APIKey since the toolkit does not support SSO at this point. A 401 error would be more helpful, but instead a malformed JSON is generated.
I have a database-project, created based on my existing database. It also added the scripts for creating users. One of those scripts is =>
CREATE USER [JOOS_NT\Indigo.Development] FOR LOGIN [JOOS_NT\Indigo.Dev.svc];
This script works fine on my database. But in my database-project this script is throwing an error when I build it. The error is:
"SQL70527: 'JOOS_NT\Indigo.Development' is not a valid name because it contains characters that are not valid."
It seems the "\" in the [JOOS_NT\Indigo.Development] is not allowed. However on the database itself I can run the query and it works fine. If I change it to [JOOS_NT/Indigo.Development] I don't get the error, but when comparing the scripts in the project to the existing database, it would drop the user ([JOOS_NT\Indigo.Development]) and replace it with ([JOOS_NT/Indigo.Development])
What am I missing?
Answering for someone who will look in the future.
On the database project, if a '\' character is included in the user name, the login should match the user name.
Because that, this don't work:
CREATE USER [JOOS_NT\Indigo.Development] FOR LOGIN [JOOS_NT\Indigo.Dev.svc];
But this will:
CREATE USER [JOOS_NT\Indigo.Development] FOR LOGIN [JOOS_NT\Indigo.Development];
Or
CREATE USER [JOOS_NT\Indigo.Dev.svc] FOR LOGIN [JOOS_NT\Indigo.Dev.svc];
I'm not sure if this is the expected behavior or a bug.
This is by design. The core issue is that in the "CREATE USER FOR LOGIN" based on a windows user login, if you are using a domain name for the user then this must match the login's domain name + login name. See this post on MSDN
I am using Koala gem and in my UI i have an share link. How can i share the posts using the post id. Can it be done like this.
#facebook = FacebookToken.first
#graph = Koala::Facebook::API.new(#facebook.access_token)
#graph.put_object(params[:post_id], "share",:message => "First!")
It gives the following error
Koala::Facebook::ClientError: type: OAuthException, code: 240, message: (#240) Requires a valid user is specified (either via the session or via the API parameter for specifying the user. [HTTP 403]
I thing something going wrong with permission. I have added the following permission in the fave bool app
"share_item,manage_pages,publish_stream,read_stream,offline_access,create_event,read_insights, manage_notifications"
Do I need to some other permission to share a post using post id
The first parameter in put_object is not the post ID, but the ID of who is sharing it, be it a page or user.
So instead of saying:
#graph.put_object(params[:post_id] ...
You would say:
//the current user
#graph.put_object('me' ...
or
//any user that you have a UID for
#graph.put_object(#user.uid ...
or
//a page that you have post permissions for
#graph.put_object(#facebook_page.id ...
Also in a future version of Koala, put_object will be a bit different, and you should go ahead and switch over to put_connection.